Security concerns over Clubhouse chat app

Company says it's reviewing data protection after China moved to shut access to the new US social media platform

by Karina Tsui
Security concerns over Clubhouse chat app
The social audio app Clubhouse is seen on a mobile phone in this picture taken on Feb 8, 2021 by Florence Lo/Reuters.

(ATF) For a few weeks, Clubhouse, an audio chat app developed in Silicon Valley, was a popular forum for conversations deemed contentious in China. However, last Monday evening, the inevitable happened – when users logged in from the mainland, they were met with a blank page displaying an error.

Though this abrupt shutdown of the social media platform was unsurprising, it raises concerns on just how much Chinese authorities have listened to and the extent to which they will go to punish those who crossed political boundaries.

“Clubhouse represents a new medium – real-time, participatory audio discussions that are perhaps more potent for changing people’s minds than most other mediums,” Fergus Ryan, an analyst at the Australian Strategic Policy Institute who is an expert on technology censorship in China. “From Beijing’s perspective, this new medium poses a unique threat to the efficacy of their propaganda efforts.”

One user, who asked not to be named, joined Clubhouse out of curiosity over the rising trend but found himself taking part in discussions with people he never imagined would interact. 

In one chatroom, he described Uighur activists speaking emotionally to Han Chinese people about the repressive treatment of the ethnic group in Xinjiang. “I was touched by the moments when Han Chinese people acknowledged their ignorance and changed their views on the topic,” he said. 

In another conversation, members in Taiwan, Hong Kong, the mainland and across the Chinese diaspora spoke at length about the Tiananmen Square massacres. Recently, Chinese dissident artist Ai Wei Wei led a conversation on the topic of censorship in China – over 4,200 users listened in, maxing out the capacity of the chatroom. 

“There is this pent-up desire for wanting to discuss things,” Graham Webster, editor in chief of DigiChina, a project which analyzes China’s digital policy developments, said. “But no one should have expected a forum with uncontrolled discussion of the most sensitive issues to stay available in China. If there’s a surprise, it’s that the action came so quickly – though the platform’s rise in prominence also did.”

Repercussions?

Ryan feared some participants may suffer repercussions. “It is highly likely that their conversations were being monitored, recorded and transcribed and that there will be consequences down the line for people who have crossed political ‘red lines’,” he said. The analyst, who tuned to several discussions, said Chinese authorities probably auto-transcribed conversations and scanned for keywords such as “Boycotting the Olympics”, “Tibet” or “Xinjiang”. 

Clubhouse is only available to iPhone users with access to a non-Chinese Apple Store, but the real novelty lies in the fact that the app is invitation-only. The audio platform launched in May 2020 and primarily catered to tech and business enthusiasts in the US.

Last week, however, the app saw a spike in downloads when Elon Musk hosted a chatroom discussion with Robinhood’s CEO Vlad Tenev. In China, users flocked to e-commerce sites like Tao Bao and eBay to pay up to US$70 for an invitation. 

“I feel like we’re experiencing a moment for Chinese language groups,” said Webster, who acknowledged the lack of platforms for Chinese-speaking people, both inside and outside the 'Great Firewall', to exchange information and interact. “People are taking a calculated risk because it is powerful to speak.”

Webster said that specialists abroad may feel that the words of the government are a reflection of the Chinese people and this could cause companies significant risk. In order to bridge that communication gap, human rights experts need to develop policies to ensure cross-border dialogues can take place in a safe way.

“It’s crucial that there be some ways for Chinese and Americans to have conversations as channels are getting fewer and fewer.”

Since February 1, Clubhouse has recorded over two million users and is valued at  $1 billion – on a par with Unicorn startups like Air B&B and Uber.

Clubhouse reviewing data protection 

Clubhouse said on Saturday (US time) it is reviewing its data protection practices, after a report by the Stanford Internet Observatory said it contained security flaws that left users' data vulnerable to access by the Chinese government. 

The app said in a response to the study, published by the research group at Stanford University, that while it had opted not to make the app available in China, some people had found a workaround to download the app which meant the conversations they were a part of could be transmitted via Chinese servers.

"With the help of researchers at the Stanford Internet Observatory (SIO), we have identified a few areas where we can further strengthen our data protection," the company said in a statement.

"Over the next 72 hours, we are rolling out changes to add additional encryption and blocks to prevent Clubhouse clients from ever transmitting pings to Chinese servers. We also plan to engage an external data security firm to review and validate these changes." 

The move to block Chinese users from accessing the app triggered frustration and fears of government surveillance, Reuters said.

The Stanford Internet Observatory said it had confirmed that Chinese tech firm Agora supplied back-end infrastructure to Clubhouse, and that it would likely have access to users' raw audio, potentially providing access to the Chinese government.

It also said it observed room metadata relayed to servers it believed were hosted in China and audio to servers managed by Chinese entities. However, it believed the Chinese government would not be able to access the data if the audio was stored in the United States.

An Agora spokesman said the company did not have access to or store personal data, and does not route through China voice or video traffic generated from users outside China, including US users. It provides software that allows customers "to build their security and privacy infrastructure in a way that is both compliant and relevant to their end-users," a spokesman said in an e-mail. 

Stanford Internet Observatory said it "chose to disclose these security issues because they are both relatively easy to uncover and because they pose immediate security risks to Clubhouse's millions of users, particularly those in China". 

Data analytics firm Sensor Tower said the app, which is only available on Apple's iPhone, had about 3.6 million users worldwide as of February 2, with 1.1 million registered in the prior six days.

With reporting by Reuters 

ALSO SEE:

Beijing vows to shield firms from US sanctions over Xinjiang

Marks and Spencers ban on Xinjiang cotton puts China stores on the spot

Social media Clubhouse Chat app Silicon Valley security concerns China access blocked repercussions for participants? Fergus Ryan iPhone audio platform Elon Musk Company review Data protection Stanford Internet Observatory encryption? Agora